×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.
ehirsel Tue, 04/20/2004 - 08:50
User Badges:
  • Silver, 250 points or more

Using a ssl offloader is better suited for what you want to do. Port mapping on the pix does not change the protocol (http is still http and not https), it is useful for mapping services running on non-standard ports. For example if you run telent service on host 10.1.1.1 on port 51, you can do a static map for port 23 on global ip 192.168.1.1 and to the mapping, but the user is still using telent on port 23, immune to the fact that the actual telnet service is running on port 51. I.E., port mapping is another variant of pat/nat.


http and https are different because one is using encryption and the other not. I would look into using ssl offloading and a load-balancer so that you save your server cycles from ssl processing.


Actions

This Discussion